Situational approach to information security

Abstract

The article justifies the imperatives of applying the situational approach to information security management (ISM). We modified the model of the Information Security Management System (ISMS), which is the basis of ISO/IEC 27005: 2011: we added the “Decision Making” stage after the “Determining the main criteria” step. The solution is to choose an approach to proccesing information security risks — their assessment, impact and taking — based on certain criteria. Using the developed algorithm, we implemented a cognitive software module of the information system management (ISM) in an educational institution. The use of the cognitive software module has significantly reduced the labor costs of specialists in the Information Security (IS) Department, including automation of the reporting procedures. The application of the situational approach allowed us to integrate a person into the automated system to ensure the cybersecurity of the educational sector.